How to grant/revoke access tomultiple users on multiple google sheets - google-apps-script

I own 2 spreadsheets. One Master and one template.
On Master, I add patients and create a new spreadsheet for this client as a copy of the template. At this moment I give the client Edit access to this file.
This worked fine. But now I have to add staff and each of them needs Edit access to each copy of the template and Read access on the master.
Staff members come and go. I wonder what is the best way to simplify authorization.
Now I loop thru all files and give/revoke for each document. This is not performing in the long run.
Can I apply permission to a folder? or to a group and just add/remove staff to this security group? I'm new to the google apps script, hope you can show me the right path.
EDIT: Now I'm here
I need staff member to have access to view the master and edit any of the copies of the template. Also, I need people from outside the organization to have access to edit their own copy of the template.
I'm not sure how to proceed.
Also, I develop all this under my own Gmail account, now I have to move this into the orbit of the organization. What are the steps?

In your case, the easiest might be to create a Google Group and share your spreadsheet with it
When the staff members "come and go" you can simply add and remove them from the Google group and do not need to touch the spreadsheet's sharing settings.
Btw, when you create a copy of your spreadsheet programamtically, you can retrieve the editors of the current spreadsheet with getEditors() and assign them to the copied spreadsheet with addEditors()

Related

Is it possible to publish a private Apps Script add-on for Google Sheets that anyone with a link can install?

I have been tasked with developing a Google Sheets add-on that local middle/high school teachers can use with their students. I have a working prototype, but currently we can only distribute it by having teachers copy the container Sheet to their drive, then having students copy it from their teachers. Obviously this is messy, so I've been looking into publishing the add-on.
Is there a way to easily share a privately published add-on without manually approving each user or adding all those users to a domain? I need to be able to maintain control over the script so that bug reports/feature requests can be addressed, and the script needs to be able to be executed by an arbitrary number of students at any given time.
In order to publish an add-on you would need to create a GCP project to publish it.
When doing so, you have the option to make it private if you have a Google Workspace account as presented below:
As suggested by the steps provided over this documentation.
As an alternative for your case. The App Script projects are basically Drive files. You should be able to apply the same permissions and rules to it, it could help you with the students and the school. I notice some add-ons only share the link and ask you to make a copy or just add it as an add-on with the feature for their accounts.
If you are looking to do the same, you should be able to create a Google Group and use the option to share the file only with people that has been specific shared with.
Go to https://groups.google.com/
Create a group for students and teachers (separate them if you want)
This would create a special group email address that you can add to Drive
Example of the group email and the Drive interface:

Multiple owners of a Google Sheet

I have a google sheet and I am the owner of it. My colleague often wants ownership access of it, so we have to toggle the ownership between us by changing the Status every time. Is there a way I can have multiple owners for a Google Sheet? If it means using the App Script code, I am open to it too (I tried to find a code but haven't seen it yet).
Hoping to get help from folks here. Thank you in advance.
The answer is no. A google spreadsheet can have only one owner.
There are 4 different levels of permissions to allow for flexibility and control over security and access around users:
Ownership
Edit
Comment
View
If we assume that the owner does not have special protected ranges or sheets, which can only be edited by him/her, an editor can have the same privileges when it comes to editing/modifying the content as well as being able to share the file with other users. A spreadsheet file can have multiple users that belong to categories 2,3 and 4, but only owner (category 1).
There cannot be more than one Owner at a time. Transferring ownership in Google drive will lead the documents to be organized in a single folder, titled with the previous Owner’s email address. The original Owner will still have only the editing privileges.

Sharing a Google Spreadsheet containing a script with a workgroup so they can use it, but not modify it

I have written a Google Spreadsheet script which reads data from a user provided CSV file, populates a sheet with the data, makes a copy of the spreadsheet with a different name, and provides a link for the user to click to see the new spreadsheet. After making the new copy, the original spreadsheet is then cleared of user data and restored to its original state so other users can use it.
I want to share this spreadsheet with the workgroup (several hundred users), but I don't want them to be able to modify either the sheet or the script. If I share it read-only the script won't run, but to get the script to run I have to allow users edit capability and that is a bad thing.
I have googled myself silly trying to find a direction in which to go, but I am still wandering in the wilderness.
Can any of you point me in the right direction? If I need to be more specific or provide more information I will be glad to do so.
Thanks,
Larry
P.S. Other questions of note:
o Is it possible for a app-script in a spreadsheet to make the new copy active and 'close' the original shared spreadsheet?
o Can the user be made the owner of the new copy?
There is the option to put the code that you don't want modified, into a Stand Alone Apps Script file, then use that code as a "Library" in your script bound to the sheet. You can set the permissions on the Stand Alone Apps Script to VIEW only. That will keep people from changing it. When you share the Apps Script file with the users, they will get an email notification. So, they'll have the URL to the file, and can view it, but they can't edit it. (If you set it to VIEW only)
So, you'll be using both your spreadsheet file, and a Apps Script file. Two files, and setting the sharing to VIEW only on the Apps Script file. You can still give people EDIT access to the spreadsheet.
You'll need to go through a process of making the function available to your spreadsheet. This is called a "Library", but don't pay much attention to that name when creating the file.
Create a Stand Alone Apps Script
Create the function you want to share.
Get the Project Key --> FILE, PROJECT PROPERTIES
Share the Apps Script file with users you want to give access to, but only give them VIEW access to the file. NOT Edit.
Give the Project Key to the user, (In this case that's just you.) and have them add the library, or if you have access to the spreadsheet, you can probably add the key yourself. So, in your case, you will not be sharing the Project Key with anyone. You don't need to.
In the script file that is bound to the spreadsheet, click the RESOURCES menu, and the LIBRARIES menu item.
Enter the Project Key
Click SELECT button, and turn the library ON.
Make sure to set the library Identifier to a key word you'd like to use.
Go to the code editor, create a function, and type the Library Identifier.
All the functions that are available from the Library will show up
Google Documentation - Gaining Access to a Library
Keep in mind, that creating a library is nothing more than writing code in an Apps Script in a stand alone Apps Script file. If you've done that, then all you need to share is the Project Key. The user of the Library won't see a list of all the available Libraries when Resources, Libraries is opened. You need the Key.

Can a script automatically share Google Drive files to another email address?

Does anyone know if it would be possible to set up a script on my Google account that triggers when a new item is shared to the email and then automatically shares it with another email address?
I use a personal Gmail account, but whenever I do school work documents are always shared with my school email and it is a pain to have to share everything manually or keep switching accounts.
When I looked a few weeks back I was unable to find a way to have a script trigger on new shared items, but I am new to these scripts so if anyone has a suggestion I would appreciate it. Thanks!
I don't think you can actually triggers on new items. But you can write a script to read the Drive feed to easily check if there's new files.
Such script would still have to be triggered on a time-driven basis, so you wouldn't have "instant" access on your second account. Also, if I'd write such script, I would just create a folder, share it with the desired accounts, then use the script just to move the files to this folder. This approach has the benefit of easily allowing you to check which files are shared (with your specific account) and which aren't. And since folders are actually just labels in Drive, it is not any problem if you like or need to have your files organized in another folder structure.
By the way, have you seen Chrome users feature? It helps a lot when working with multiple accounts.

Remove Revision History

I'm using Google Apps Script to run an encryption on data in a spreadsheet. It's working fine, but that handy revision history in the spreadsheet makes it a bit of a moot point as you can simply view a version prior to the encryption.
Is there a way to delete revision histories, or to simply keep them from being created all together?
No.
The Drive API for accessing revision history specifically does not delete entries on Google sheets.
Something to note revision history is only viewable by those with edit rights. View or comment only rights cannot see revision history.
One solution is to have users submit data to a very narrowly shared sheet via Google forms and set up a trigger to copy the non sensitive meta/aggregate data that you are leaving unencrypted to a more public sheet for access by untrusted users and scripts. the cell formula IMPORTRANGE() would also work it gets access permission from the person entering the formula and can therefore move data from a restricted spread sheet to a less restricted one without compromising the original sheet.
A second solution that is slightly more cumbersome, but closer to your ask, is to provide users and external scripts with access to a drive folder containing the sheet. With the ID of the folder scripts can then search for the sheet by name via the drive api, users use their eyes to find it by name. Your encryption script, once done encrypting, copies the spreadsheet using SpreadsheetApp.copy(name)which will copy all of the formulas, formatting, data, even scripts, but not the revision history. Pass copy() the same name as the original sheet, drive file names do not have to be unique. Use the drive api to move the new spreadsheet to the folder, it should inherit the sharing of the folder by default. Again with the drive API delete the original spreadsheet. Because all users and scripts were looking for a file named X in a specific folder ID everything is still exactly where they expect to find it, but the revision history is gone.
Unfortunately Google Apps Script doesn't provide a method to remove items from the revision history.
Copy all spreadsheet, restore to the first version and then, paste de spreadsheet :)
For Google Documents I managed to get rid of the revision history by making a copy of the document. Not sure if that will work for spreadsheets too.